CVE-2026-21570

CWE-94Code Injection4 documents4 sources
Severity
8.6HIGH
EPSS
0.6%
top 30.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Bamboo Data Center
Timeline
PublishedMar 17

Description

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute malicious code on the remote system. Atlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5atlassian/bamboo_data_center7 versions+6

🔴Vulnerability Details

2
CVEList
CVE-2026-21570: This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 92026-03-17
GHSA
GHSA-c7mx-5c2c-78hh: This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 92026-03-17

🕵️Threat Intelligence

1
Wiz
CVE-2026-21570 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-21570 (HIGH CVSS 8.6) | This High severity RCE (Remote Code | cvebase.io